
Overview

At this point, you can probably tell that there are a lot of similarities between Incident Response, Business Continuity, and Disaster Recovery. In this lesson, we'll try to call out a few things that make planning for Disaster Recovery different.


A key element is the degree to which you need to use your imagination. You really need to consider the worst case scenarios and how you would deal with them. It can be hard to imagine that you could lose facilities, power, communications, data, supplies, and worst of all, people.

Rather than merely keeping operations running, you may need to rebuild your operations. You will need to account for things like alternate sites, alternate means of communication, and backup systems that you can fail over to. You may need to re-route shipping and/or establish new supply chains. You also may need to be concerned about rescuing personnel, giving them housing, and providing them with a means for transportation.

Two key items that should be defined in a DR plan are the RTO and the RPO (described below). These parameters allow you to determine how much damage a given disaster has caused or is causing, based on what you have done to plan ahead.

  • Recovery Time Objective (RTO) - This is the maximum amount of time that the organization has assessed that it can afford to wait for IT systems to come back online after a disaster strikes. Another way of looking at this is that it is the amount of time in which you need to restore systems after a disaster in order to avoid an unacceptable situation for the business.
  • Recovery Point Objective (RPO) - This is the maximum amount of data that the organization can afford to lose in a disaster before it becomes severely damaging to the business. Another way of looking at this is that it relates to how often you should create backups of your data because if a disaster should hit between backups, this would be the amount of data you would lose. Perhaps your backups are created every five hours. If you were to lose five hours of data, would that be acceptable for your business or would that be too great of a loss? When you are planning for a disaster, you need to assess this and make changes to your backup processes accordingly.
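
As an added example (not part of the original lesson), the Python sketch below checks a constructed backup job log against an RPO and a constructed outage against an RTO. It shows that a single failed job makes the real exposure larger than the five-hour schedule suggests; all names, timestamps, and thresholds are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample backup job log: (completion time, job succeeded?)
BACKUP_LOG = [
    ("2024-03-01T00:00", True),
    ("2024-03-01T05:00", True),
    ("2024-03-01T10:00", False),  # failed job: no usable restore point
    ("2024-03-01T15:00", True),
    ("2024-03-01T20:00", True),
]

def restore_points(log):
    """Sorted completion times of successful backups only."""
    return sorted(datetime.fromisoformat(ts) for ts, ok in log if ok)

def worst_exposure(log, window_end):
    """Largest gap between consecutive restore points, up to window_end."""
    points = restore_points(log)
    if not points:
        raise ValueError("no successful backups: data loss is unbounded")
    edges = points + [window_end]
    return max(b - a for a, b in zip(edges, edges[1:]))

def data_loss_at(log, disaster_time):
    """Data lost if disaster strikes now: time since the last restore point."""
    earlier = [p for p in restore_points(log) if p <= disaster_time]
    if not earlier:
        raise ValueError("no restore point before the disaster")
    return disaster_time - earlier[-1]

def check_objectives(log, window_end, rpo, disaster_time, restored_time, rto):
    """Compare planned exposure and one actual outage against RPO and RTO."""
    exposure = worst_exposure(log, window_end)
    loss = data_loss_at(log, disaster_time)
    downtime = restored_time - disaster_time
    return {
        "worst_exposure": exposure,
        "rpo_met_by_schedule": exposure <= rpo,
        "data_loss": loss,
        "rpo_met": loss <= rpo,
        "downtime": downtime,
        "rto_met": downtime <= rto,
    }

if __name__ == "__main__":
    at = datetime.fromisoformat
    report = check_objectives(BACKUP_LOG, at("2024-03-01T22:00"), timedelta(hours=5),
                              at("2024-03-01T14:30"), at("2024-03-01T18:00"),
                              timedelta(hours=4))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Running the same check on real backup job history, rather than on the configured schedule, is what reveals gaps like the one caused by the failed job here.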

Disaster Recovery

Call Trees

A basic tool that can be critical for a DR Plan is a call tree. This is a list of whom to contact, and in what order, when a disaster occurs. This type of list can be critical in a disaster, where it's feasible that one or more people in the contact chain could be missing or unavailable. If your plan relies on key personnel to make decisions, what happens if those people cannot be reached? Who should you reach out to next?


While a call tree was once a simple list, today's technology has enabled automated call trees that can be "activated" to notify people in the chain through multiple modes with the click of a button. Such automated systems can also be set up to reach out to employees at large and ask them to confirm that they are OK.

As mentioned above, people may need to use alternate forms of communication in an emergency. From a cybersecurity point of view, it is important to ensure those alternate communication methods will be secure. You need to protect people's contact info and not leave the organization vulnerable when it is already dealing with a difficult situation. Threat actors could take advantage of such a situation and launch phishing attacks or other social engineering mechanisms that people may fall for when normal systems are down.

Up Next

In the next lesson, we will shift our focus to the subject of Governance, Risk, and Compliance - beginning with Governance. Be sure to answer the questions on the Tasks tab, then click Continue.
